b4fc5b365d6ccb4dc726a82c8b3f1c39ce16bf848c779706569c938d1a6855a8

Submit
Reports

Overview

overview

Static

static

malware-sa...04.exe

windows7-x64

malware-sa...04.exe

windows10-2004-x64

malware-sa...nt.doc

windows7-x64

malware-sa...nt.doc

windows10-2004-x64

malware-sa...oc.xls

windows7-x64

malware-sa...oc.xls

windows10-2004-x64

malware-sa...l.docm

windows7-x64

malware-sa...l.docm

windows10-2004-x64

malware-sa...nt.exe

windows7-x64

malware-sa...nt.exe

windows10-2004-x64

malware-sa...on.exe

windows7-x64

malware-sa...on.exe

windows10-2004-x64

malware-sa...el.exe

windows7-x64

malware-sa...el.exe

windows10-2004-x64

malware-sa...ab.exe

windows7-x64

malware-sa...ab.exe

windows10-2004-x64

malware-sa...nt.exe

windows7-x64

malware-sa...nt.exe

windows10-2004-x64

malware-sa...nt.exe

windows7-x64

malware-sa...nt.exe

windows10-2004-x64

malware-sa...FI.exe

windows7-x64

malware-sa...FI.exe

windows10-2004-x64

malware-sa...nt.exe

windows7-x64

malware-sa...nt.exe

windows10-2004-x64

malware-sa...LL.dll

windows7-x64

malware-sa...LL.dll

windows10-2004-x64

malware-sa...ar.bin

macos-10.15-amd64

malware-sa...an.exe

windows7-x64

malware-sa...an.exe

windows10-2004-x64

malware-sa...64.dll

windows7-x64

malware-sa...64.dll

windows10-2004-x64

malware-sa...28.exe

windows7-x64

Analysis

max time kernel
133s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 02:15

Sharing

Copy URL

Twitter E-mail

Static task

static1

16 signatures

Behavioral task

behavioral1

Sample

malware-sample-library-master/APT28 FancyBear/APT28,NATOPAPER,SOFACY2004.exe

Resource

win7-20240221-en

persistence

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

malware-sample-library-master/APT28 FancyBear/APT28,NATOPAPER,SOFACY2004.exe

Resource

win10v2004-20231215-en

persistence

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral3

Sample

malware-sample-library-master/APT28 FancyBear/APT28DecoyDocument.doc

Resource

win7-20240221-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral4

Sample

malware-sample-library-master/APT28 FancyBear/APT28DecoyDocument.doc

Resource

win10v2004-20240226-en

windows10-2004-x64

4 signatures

150 seconds

Behavioral task

behavioral5

Sample

malware-sample-library-master/APT28 FancyBear/APT28DropperExcelDoc.xls

Resource

win7-20231129-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral6

Sample

malware-sample-library-master/APT28 FancyBear/APT28DropperExcelDoc.xls

Resource

win10v2004-20240226-en

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral7

Sample

malware-sample-library-master/APT28 FancyBear/APT28Hospital.docm

Resource

win7-20240221-en

persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral8

Sample

malware-sample-library-master/APT28 FancyBear/APT28Hospital.docm

Resource

win10v2004-20240226-en

persistence

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral9

Sample

malware-sample-library-master/APT28 FancyBear/APT28Implant.exe

Resource

win7-20240215-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

malware-sample-library-master/APT28 FancyBear/APT28Implant.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral11

Sample

malware-sample-library-master/APT28 FancyBear/APT28wmsApplication.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

malware-sample-library-master/APT28 FancyBear/APT28wmsApplication.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

malware-sample-library-master/APT28 FancyBear/Backdoor.XTunnel.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

malware-sample-library-master/APT28 FancyBear/Backdoor.XTunnel.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

malware-sample-library-master/APT28 FancyBear/FancyBearZekapab.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

malware-sample-library-master/APT28 FancyBear/FancyBearZekapab.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

malware-sample-library-master/APT28 FancyBear/FancyBearZekapabImplant.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

malware-sample-library-master/APT28 FancyBear/FancyBearZekapabImplant.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

malware-sample-library-master/APT28 FancyBear/FancyImplant.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

malware-sample-library-master/APT28 FancyBear/FancyImplant.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

malware-sample-library-master/APT28 FancyBear/LoJaxInfo_EFI.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral22

Sample

malware-sample-library-master/APT28 FancyBear/LoJaxInfo_EFI.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

malware-sample-library-master/APT28 FancyBear/LoJaxSmallAgent.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral24

Sample

malware-sample-library-master/APT28 FancyBear/LoJaxSmallAgent.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

malware-sample-library-master/APT28 FancyBear/LoJaxSmall_AgentDLL.dll

Resource

win7-20240215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

malware-sample-library-master/APT28 FancyBear/LoJaxSmall_AgentDLL.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

malware-sample-library-master/APT28 FancyBear/MacOSKomplexFancyBear.bin

Resource

macos-20240214-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

malware-sample-library-master/APT28 FancyBear/X-AgentTrojan.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

malware-sample-library-master/APT28 FancyBear/X-AgentTrojan.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

malware-sample-library-master/APT28 FancyBear/Xagent64.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

malware-sample-library-master/APT28 FancyBear/Xagent64.dll

Resource

win10v2004-20240226-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral32

Sample

malware-sample-library-master/APT28 FancyBear/ZekaAPT28.exe

Resource

win7-20240221-en

upx

windows7-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

malware-sample-library-master/APT28 FancyBear/Backdoor.XTunnel.exe
Size

1.8MB
MD5

9e7053a4b6c9081220a694ec93211b4e
SHA1

f09780ba9eb7f7426f93126bc198292f5106424b
SHA256

4845761c9bed0563d0aa83613311191e075a9b58861e80392914d61a21bad976
SHA512

f231dc71616aa96a5d44bf4ceef8855ca367ba4bfde1fc82af1b383c89699a66c656758fb049cf012a25e3bff82db506e0cdfada87d7d71273eddb1a4ce42bac
SSDEEP

24576:JKw4ZZ6rTIBJwqEaxChz52shpktYlecs5ZCo+jlxf1NTfkYJ+nbgEvrZmDxcP+4F:Iw4ZMrTeJKisRki+F8q24eZxtP

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\malware-sample-library-master\APT28 FancyBear\Backdoor.XTunnel.exe
"C:\Users\Admin\AppData\Local\Temp\malware-sample-library-master\APT28 FancyBear\Backdoor.XTunnel.exe"
1⤵
PID:2276

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads